In our ‘Cyber Security Hero’ series, we shine the spotlight on one technology professional and how they got into the world of cyber security.
Kendra Cooley is a rising star in information security. As a certified infosec manager (CISSP) with a degree in digital forensics, Kendra’s experience in managing and scaling security departments ranges from threat detection to vulnerability management and incident response. She understands firsthand how security awareness training for employees at all levels of an organization is the #1 way to mitigate risk.
In this Cyber Security Hero spotlight, learn how Kendra launched into the world of infosec, how she transforms organizations with a culture of security, and why she’s on a mission to help her fellow emerging cyber leaders.
So much of my career has been based on my connections and being at the right place at the right time, and I fully recognize how difficult it is to get into this space.
The Start of Our Cyber Security Hero’s Journey
After graduating from high school, instead of heading straight to college, Kendra moved from her home state of Michigan to Nashville and started working full-time in administrative operations for Jackson — an enterprise financial services organization. It was at Jackson where she was first introduced to the world of compliance and the supporting technology infrastructure.
Kendra worked for the company for more than a year when she moved back to Michigan and began reporting to the vice president of IT security, and the director of mainframe provisioning. This opened her eyes to the reality of what it took for an organization to remain in compliance from a technology perspective, and how employees could expose the business to potential cyber risks. It was a natural fit and inspired Kendra to pursue her degree in digital forensics.
“I thought I wanted to work for the FBI, but then I realized I didn’t want to be the person going after cyber criminals,” Kendra explained. “I was more interested in looking at the technology to prove something happened to a machine. By understanding what caused an incident to occur, and the impact it had, then we could determine how to prevent it from happening again.”
While she was still in school, and having been at Jackson for nearly three years, Kendra was promoted to Information Security Administrator and then another promotion came a year later to Information Security Analyst. She credits her managers at work who were willing to take her under their wing to get her foot in the door into the industry.
“There are so many talented people working hard to get to this point, but there are not enough people who are willing to take a chance to bring them into their organization,” Kendra said. “I was lucky to be learning about the industry with real experience at work while I was simultaneously working on my degree.”
Building a Cyber Security Career by Doing Something Different
Kendra graduated from college in 2016 — having been at Jackson for more than five years — and was offered the opportunity to become Information Security Analyst Team Lead at Duo. This was her first opportunity to create a new security awareness program from the ground up and develop training for the company’s hundreds of employees.
From Duo, Kendra moved on to Mailchimp where she served as Information Security Program Manager for nearly two years. It was at Mailchimp when Kendra connected with the Curricula team, as she was responsible for developing security training for Mailchimp’s 1,000+ employees. After nearly two years at Mailchimp’s Atlanta HQ, another move back home to Michigan led Kendra to her current role as Senior Information Security Manager at Webflow.
For Kendra, one of the first things she does when entering a new organization is to send out a phishing simulation to see how many employees might click the email or give up their credentials. “This is how I set the baseline for what I want and need to do from an internal security perspective,” Kendra explained, as having this data was important to show her executive leadership team just how vulnerable the company was to a cyber attack.
She knows this all too well from her experience of how important it is to have everyone in the organization invested in cyber security. “Employees say ‘we’re secure, we don’t need training’ but so many people just don’t understand the level of risk they’re opening themselves—and the company—up to when they click something.”
[blockquote]That’s when I started looking for a new security awareness training company and ultimately what led to me using Curricula.[/blockquote]
Knowing she wanted to do something different and would need more than the usual training content to engage her highly intelligent team members, Kendra opted to look for a fun security awareness program with a compelling story. That’s when she learned about Curricula and what it meant to ‘Defend Against DeeDee!’
Kendra said one of the things she personally fell in love with is how the Curricula team talked about ‘Curriculaville’. “I thought, ‘That’s so cute! Who wouldn’t want to participate in training like this?’” But she also wanted her team of tech-savvy pros to feel a level of investment in their cyber security training and recognized that giving them a voice was important in the decision-making process.
Being Human in A Digital World
True heroes believe in the power of teamwork, and that’s one main reason for Kendra’s success. She recognizes that we’re all in this together to defend against cyber attacks.
Kendra explained that one reason she’s so passionate about cyber security training is that she not only cares about her employees’ security at work but also what they do on their personal accounts. It’s becoming increasingly common that mistakes people make by falling victim to an email phishing scam or through social engineering are how a bad actor is able to get access to a company’s accounts.
“Hackers target us in emails based on things they’ve discovered about us, looking at LinkedIn to see what tools we use, looking at Twitter to see someone you ‘@’ mentioned, phishing with a free coupon, you name it,” Kendra said.
[blockquote]Helping everyone to understand the very fine line between their work life and personal life is the bridge that I’m always trying to build.[/blockquote]
And when it comes to building bridges, Kendra also believes in the power of paying it forward by also setting up the next generation of cyber security leaders for success. Because she had mentorship at work and people who were willing to provide her with training in the world of cyber security, one way that Kendra tries to encourage this behavior is to share her own stories and challenges, especially on LinkedIn with her fellow IT and infosec colleagues. It’s this community approach that will help to keep us all safer online.
We are thankful to share Kendra’s story, for her time, and for all the awesome work she’s doing in the infosec world. Follow along with Kendra’s story by following her on Twitter, and while you’re at it, follow Curricula, too.